title: HTTPS-ing GNUcode.me
date: 2020-09-03 20:00
tags: nginx http
summary: Securing GNUcode.me via HTTPS
---

So, when I recently re-configured this website with `guix system` and the
associated `nginx service`, I set up the site to work just fine with `HTTP` and
`HTTPS`.  The difference is that `HTTPS` has a little green "this site is secure"
logo in the upper left hand side of your browser.

The tiny baby little problem was that users could happily use the insecure
version of the site, which could expose them to a man-in-the-middle attack.
Luckily I've been reading up on the `Strict-Transport-Security` `HTTP header`,
which allows me to tell browsers that my site supports `HTTPS`.  You can still
browse the site using `HTTP`, but most likely your browser will redirect you to
the `HTTPS` version: once it has seen the header on an `HTTPS` response, it
upgrades later `HTTP` requests on its own until `max-age` runs out.

You can verify this yourself with the following:

```
wget http://gnucode.me
```

And of course I have to show the
[configuration](https://notabug.org/jbranso/linode-guix-system-configuration/src/master/linode-locke-lamora-current-config.scm)
for my Linode Guix server, which looks something like this:

```scheme
(service nginx-service-type
         (nginx-configuration
          (server-blocks
           (list
            (nginx-server-configuration
             (server-name '("gnucode.me"))
             (listen '("80" "443 ssl"))
             (root "/srv/www/html/gnucode.me/site/")
             ;; tell browsers my site supports HTTPS, and tell them that it will
             ;; work for at least 1/2 hour (max-age is in seconds).  Gradually, I
             ;; will increase this number.
             (raw-content (list "add_header Strict-Transport-Security max-age=1800;"))
             (ssl-certificate "/etc/letsencrypt/live/gnucode.me/fullchain.pem")
             (ssl-certificate-key "/etc/letsencrypt/live/gnucode.me/privkey.pem")
             (locations
              (list
               (nginx-location-configuration          ;certbot
                (uri "/.well-known")
                (body (list "root /srv/www;"))))))))))
```
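The browser-side behaviour behind "most likely your browser will redirect you", as an added example that is not part of the original post or the site's code: a simplified Python model of the HSTS host cache from RFC 6797, fed the `max-age=1800` header from the configuration above. `parse_max_age`, `HstsStore` and `timeline` are hypothetical names, the visit sequence is constructed, and the model ignores `includeSubDomains` and explicit ports.

```python
import re
from urllib.parse import urlsplit, urlunsplit

HEADER = "max-age=1800"  # header value from the nginx config above


def parse_max_age(value):
    """Return max-age in seconds, or None if the directive is missing/invalid."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if re.fullmatch(r"[0-9]+", arg) else None
    return None


class HstsStore:
    """Simplified model of a browser's known-HSTS-host list (RFC 6797)."""
    def __init__(self):
        self.expiry = {}  # host -> time (seconds) at which the policy lapses

    def observe(self, url, header, now):
        parts, max_age = urlsplit(url), parse_max_age(header)
        # Headers seen over plain HTTP are ignored: a MITM could forge or strip them.
        if parts.scheme != "https" or max_age is None:
            return
        if max_age == 0:
            self.expiry.pop(parts.hostname, None)  # max-age=0 clears the entry
        else:
            self.expiry[parts.hostname] = now + max_age

    def rewrite(self, url, now):
        """Return the URL the browser would actually request at time `now`."""
        parts = urlsplit(url)
        if parts.scheme == "http" and now < self.expiry.get(parts.hostname, 0):
            return urlunsplit(parts._replace(scheme="https"))
        return url


def timeline():
    """Constructed visit sequence for gnucode.me; times are in seconds."""
    store, http = HstsStore(), "http://gnucode.me/"
    store.observe(http, HEADER, now=0)           # header over HTTP is ignored
    before = store.rewrite(http, now=30)         # so the request stays on HTTP
    store.observe("https://gnucode.me/", HEADER, now=60)
    during = store.rewrite(http, now=120)        # upgraded to HTTPS
    after = store.rewrite(http, now=60 + 1800)   # policy lapsed: HTTP again
    return [before, during, after]
```

A visitor whose first request goes over `HTTP` gets no upgrade until the browser has loaded the site over `HTTPS` once, and with `max-age=1800` the protection lapses half an hour after the last `HTTPS` response.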

[Guix System](https://guix.gnu.org) makes this kind of thing really easy!  You
should try it!

Happy Hacking! *insert cute emoji here*
